AT&T Notifies iPad Customers Of Security Breach
Forgets to say 'we're sorry about our poor website security'
by Karl Bode Monday 14-Jun-2010 tags: business · security · wireless
Last week a security flaw on AT&T's network allowed hackers to obtain the e-mail addresses and ICC-IDs for more than 100,000 iPad owners -- many of them high-level politicians or military personnel. On the heels of an announcement that the FBI would be looking into the breach, AT&T has sent out a letter to the impacted customers (sort of) explaining the breach. The letter, which avoids admitting any blame for the website's security issues, informs users that "unauthorized computer 'hackers' maliciously exploited a function designed to make your iPad log-in process faster." AT&T then complains that the group "put together a list of these emails and distributed it for their own publicity." The hackers have responded to AT&T's letter here.


Transmaster
Don't Blame Me I Voted For Bill and Opus

join:2001-06-20
Cheyenne, WY

Yes and Gawker....

Is in hot water because they came out with a posting on their website with a lead in blaming Apple and the iPad for the problem, not reporting the problem was actually AT&T until the end of this inflammatory posting.
--
I am quite sure now that often, very often, in matters concerning religion and politics a man's reasoning powers are not above the monkey's.
- Mark Twain in Eruption

Romney2012
Defeat Obama 2012-Chg we can believe in
Premium
join:2002-03-03
USA
kudos:4

Re: Yes and Gawker....

These so-called security firms are barely higher on the food chain than criminal organizations. These hacker groups claim they are doing a public service by helping companies close security holes. If that were true they wouldn't be constantly exposing the hacks to the public until after the holes were closed.
--
Are you happy with your rep in Washington, DC?

cdru
Go Colts
Premium,MVM
join:2003-05-14
Fort Wayne, IN
kudos:5
Reviews:
·Frontier FiOS

Re: Yes and Gawker....

said by Romney2012:

If that were true they wouldn't be constantly exposing the hacks to the public until after the holes were closed.
If that were the case, many holes would never be closed. Sometimes the company needs to have a fire lit under them in order to motivate them a little. And even then it doesn't always work. From Goatse's response:
quote:
I released a semantic integer overflow exploit for Safari through Goatse Security in March– it was patched on Apple’s desktop Safari but has yet to be patched on the iPad. This bug we crafted allows the viewer of a webpage to become a proxy (behind corporate and government firewalls!) for spamming, exploit payloads, password bruteforce attacks and other undesirables. The kicker is that this attack cannot be detected by any current IDS/IPS system. We released this in March, mind you, and Apple still hasn’t got around to patching this on the iPad! I know through personal experience that the patch time for an iPad vulnerability is over two months and counting. Given that, the number of parties which probably have active iPad exploits likely numbers in the hundreds, if not the thousands. The iPad simply is not a safe platform for those that require a secure environment.
That was in March and 3 months later it's still not addressed.

I don't condone their "hacking" or necessarily Gawker's reporting of it, I also don't condemn it either. They didn't release the exploit until it had already been fixed and the dataset wasn't revealed except to one outside reporter (or at least so they claim). Apple didn't say a single word to those that were exposed until long after the issue was made public and they likely would have never said anything unless it had been made public.

orion940
No longer a burden on society
Premium
join:2001-12-23
Windsor, CT
Reviews:
·Comcast
·AT&T Yahoo
AT&T outsourced their data processing to a computer firm. That computer firm has most of the work farmed out overseas to South America and India. The technical expertise of the foreigners is minimal, if that. I've seen it first-hand. This type of stuff comes as no surprise knowing what's going on behind the scenes.

O.
--
Sometimes there's not much more than a breeze going through some people's minds.

nonymous
Premium
join:2003-09-08
Glendale, AZ
Reviews:
·Callcentric

Re: Yes and Gawker....

said by orion940:

AT&T outsourced their data processing to a computer firm. That computer firm has most of the work farmed out overseas to South America and India. The technical expertise of the foreigners is minimal, if that. I've seen it first-hand. This type of stuff comes as no surprise knowing what's going on behind the scenes.

O.
I do not know if the technical expertise of the overseas is minimal. Just they are overseas and of course do not have as much care about what happens besides getting paid.

El Quintron
... a faint odor of kerosene
Premium
join:2008-04-28
Etobicoke, ON
kudos:2
Reviews:
·TekSavvy DSL
·voip.ms
·WIND Mobile
·TekSavvy Cable

Re: Yes and Gawker....

said by nonymous:

I do not know if the technical expertise of the overseas is minimal. Just they are overseas and of course do not have as much care about what happens besides getting paid.
And the winner is...

I have the impression that their internal networks are a higher priority, and the main talent goes there. The rest is just gravy...
--
Never attribute to malice that which can be adequately explained by stupidity.

Romney2012
Defeat Obama 2012-Chg we can believe in
Premium
join:2002-03-03
USA
kudos:4
said by Romney2012:

These so-called security firms are barely higher on the food chain than criminal organizations. These hacker groups claim they are doing a public service by helping companies close security holes. If that were true they wouldn't be constantly exposing the hacks to the public until after the holes were closed.
LOL. One of the Goatse hackers in jail on multiple drug charges. Mess with Apple & AT&T and the FBI will get you one way or another.

»news.cnet.com/8301-27080_3-20007827-245.html
--
Are you happy with your rep in Washington, DC?

hayabusa3303
Over 200 mph
Premium
join:2005-06-29
kudos:1

security flaw on AT&T's network

who would have thought. hummm

Romney2012
Defeat Obama 2012-Chg we can believe in
Premium
join:2002-03-03
USA
kudos:4

Goatse now blaming Apple & Safari and NOT just AT&T

Goatse says Apple full of it when blaming AT&T for problems. The main fault lies in the Safari browser on iPad:

»news.yahoo.com/s/nf/20100614/tc_nf/73852
Goatse Security said "all iPads are vulnerable" because of a weakness in Apple's Safari browser. The notice was in response to an e-mail sent to iPad owners this weekend by AT&T

According to Goatse, a user could click a malicious link in the browser and the security hole could allow unauthorized access to the iPad. The site said Safari does not block off high-numbered, illegitimate ports, or communication channels. This, in combination with the browser's ability to automatically fulfill software requests, could spell trouble. Apple hasn't released a fix or a statement.

Goatse countered AT&T's e-mail by noting that the breach took only an hour. It charged that neither AT&T nor Apple were taking security seriously. The FBI has said it is investigating the breach.

--
Are you happy with your rep in Washington, DC?

TheRogueX

join:2003-03-26
Springfield, MO
Reviews:
·Mediacom

The prophecies begin to come true...

...as Apple's market share with computer devices (in this case the iPhone, iPod Touch, and iPad) rises, it becomes an appealing target and more people begin to exploit it.

Sure, these aren't Macs, but people aren't buying Macs by the millions right now.. they're buying iPads.

I foresee this as being a huge blow to Apple's (and hopefully their fanboys') ego in the long run.